Rapid increase in scareware and password-stealing Trojan infections

(10/09/2009)

Sunbelt Software has announced the top ten most prevalent malware threats, compiled from monthly scans performed by Sunbelt's antispyware tool, CounterSpy™, and its anti-malware solution, VIPRE® Antivirus + Antispyware™.

SunbeltLabs reports that password-stealing Trojan threat Trojan-Spy.Win32.Zbot.gen maintained the top spot on the list, but its prevalence increased by 53.7% month over month, to 7.67 percent of overall Sunbelt detections from 4.99 percent in July.

Trojan.Win32.Generic!BT which wasn’t on the list in July streaked to the second highest spot on the list with 7.57 percent of detections. Trojan.Win32.Generic!BT is a downloader associated with rogue security programs (also called “scareware”). Once downloaded, the rogues pretend to scan a victim’s computer for malware then display false warnings that the machine is infected. It tries to convince victims to purchase useless security software.

“The fact that Zbot is the top detection for the last two months isn’t surprising. It’s a very versatile piece of malcode that injects code from a remote site to steal information from its victims, including cached passwords, login credentials for web sites (chiefly banks) as well as data in certificates and cookies. It has some backdoor functionality and may record keystrokes,” said Sunbelt Software Vice President of Threat Research and Technologies Michael St. Neitzel.

“We first noticed an increased distribution of it in the middle of May when it was distributed through a number of spam campaigns. In one case, the spam email purported to be an airline e-ticket and in others it arrived as either an attachment that claimed to be from United Parcel or an alleged e-payment notification of an order with Amazon.com. We have documented more than 2,700 files related to Trojan-Spy.Win32.Zbot.gen since it was first detected.”

Trojan.Win32.Tdss.aalc (v) fell from second on the list in July to third in August with 3.62 percent, even though that was a higher percentage of detections than in July, when it was 2.92 percent.

Interestingly, the Win32.induc virus, which was highly publicised in August for propagating itself through Delphi development applications, did not make the list.

The top ten results represent the number of times a particular malware infection was detected during CounterSpy and VIPRE scans that report back to Sunbelt’s community of opt-in users.

The top ten most prevalent spyware threats are:
1. Trojan-Spy.Win32.Zbot.gen 7.67%
2. Trojan.Win32.Generic!BT 7.57%
3. Trojan.Win32.Tdss.aalc (v) 3.62%
4. BehavesLike.Win32.Malware (v) 3.11%
5. FraudTool.Win32.Antivirus2010 (v) 2.72%
6. Explorer32.Hijacker 2.53%
7. Trojan-Downloader.braviax 2.38%
8. Trojan.DNSChanger.Gen 2.24%
9. Exploit.PDF-JS.Gen (v) 2.23%
10. Trojan-Downloader.Zlob.Media-Codec 2.18%

Related topics:  Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources